# # System notifications # { config, lib, pkgs, ... }: let fqdn = "matrix.${config.networking.domain}"; clientConfig = { "m.homeserver".base_url = "https://${fqdn}"; "m.identity_server" = {}; }; serverConfig."m.server" = "${config.services.matrix-synapse.settings.server_name}:443"; mkWellKnown = data: '' add_header Content-Type application/json; add_header Access-Control-Allow-Origin *; return 200 '${builtins.toJSON data}'; ''; in { services.nginx = { enable = true; recommendedTlsSettings = true; recommendedOptimisation = true; recommendedGzipSettings = true; recommendedProxySettings = true; virtualHosts = { "${config.networking.domain}" = { enableACME = true; forceSSL = true; locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig; locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig; }; "${fqdn}" = { enableACME = true; forceSSL = true; locations."/".extraConfig = '' return 404; ''; locations."/_matrix".proxyPass = "http://127.0.0.1:8008"; locations."/_synapse/client".proxyPass = "http://127.0.0.1:8008"; }; # "element.${config.networking.domain}" = { # enableACME = true; # forceSSL = true; # # root = pkgs.element-web.override { # conf = { # default_server_config = clientConfig; # }; # }; # }; }; }; services.matrix-synapse = { enable = true; settings = { server_name = config.networking.domain; public_baseurl = "https://matrix.${config.networking.domain}"; listeners = [ { port = 8008; bind_addresses = [ "::1" "127.0.0.1" ]; type = "http"; tls = false; x_forwarded = true; resources = [ { names = [ "client" ]; compress = true; } { names = [ "federation" ]; compress = false; } ]; } ]; }; extraConfigFiles = [ config.age.secrets."services/matrix/synapse.yml".path ]; }; age.secrets."services/matrix/synapse.yml" = { file = ../../../secrets/services/matrix/synapse.age; owner = "matrix-synapse"; }; systemd.services = { matrix-synapse = { requires = [ "postgresql.service" ]; }; }; }